@trust is an encapsulation method, not an escape
via Digitalmars-d
digitalmars-d at puremagic.com
Sat Feb 7 06:19:28 PST 2015
On Saturday, 7 February 2015 at 12:40:26 UTC, David Nadlinger
wrote:
> Neither of those issues would have been prevented by your new
> guidelines; the code in question is already written in that
> way. Quite to the contrary, consequent application of minimal
> @trusted blocks or even the workaround you reject so strongly
> would have prevented all of the bugs except for 14138.
This is an incredibly poor argument. The fact that there is no
documentation for why the functions are @trusted and why they
have to be @trusted is testament to a flawed process.
If you insist on relying on half-assed flawed verification you
only catch those instances where it should not have been @trusted
in the first place, and which would have been caught at an early
stage with a decent process, but you will keep missing out on the
hard to detect cases.
You will run into much more difficult problems if you don't do
something about the safety review process.
Fix the weak typing rather than making the language more
convoluted, the latter compounds the problem in the long run.
More information about the Digitalmars-d
mailing list